Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ezbookkeeping

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-65519
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.89%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 00:00
Updated-20 Feb, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.

Action-Not Available
Vendor-mayswindn/a
Product-ezbookkeepingn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-57603
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 10.44%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-06 Jun, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

Action-Not Available
Vendor-mayswindn/a
Product-ezbookkeepingn/a
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2024-57604
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 67.04%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-06 Jun, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

Action-Not Available
Vendor-mayswindn/a
Product-ezbookkeepingn/a
CWE ID-CWE-276
Incorrect Default Permissions